Forum Discussion
unable insert and run cli script to tmos
This is a really complex configuration. I've tried messing with it a little in my lab, running BIG-IP 15.1.5.1.
To answer part 1 of your question, I was able to create a new CLI script using the tmsh edit cli script syntax.
I've noticed that in this version, several procedures are automatically set when creating the script.
I've deleted those and pasted your exact syntax, then saved.
I've seen the same error message for "total-signing-status" being read-only, and just as you did I was able to complete creation by removing that line -- which I also noticed is added automatically by builder afterwards.
The error you're getting when running script, is that "tmsh modify ltm data-group internal" command is missing object name before the opening { -- which means, [lindex $tmsh::argv 3] is returning null value in your script.
I think you're supposed to pass some parameters to this procedure, or at least this is what happens in iRule code. Moreover, Data Group name is defined statically as a variable in RULE_INIT event.
Sorry for the very bad and quick paint art, but I hope this helps to clarify it.
Maybe you should try running proc with a set of parameters?
Regards
CA
- jacketNov 11, 2022Nimbostratus
Hi Valli
thanks for quick paint art for pointing the "f5_google_auth" code relation as well. The solutions are google authenticator automatic enroll the share token key into the datagroup. The datagroup name "token_keys" .
https://github.com/yamashin55/f5-google-authenticator-datagroup
i am no idea how to pass some parameter to the cli script ,Perhaps will it possible you can assist to insert some related parameter into the script for me to know how possible i can add in for further test ?
The below are irule that i export from my bigip system , i didnt modify the rule but i just change the credential only .
"add_user" {
set result [call add_totp_key "VS_F5-MGMT-ETH" "[b64encode "admin:Pacific@work123!!"]" "[ACCESS::session data get session.logon.last.username]" "[ACCESS::session data get session.custom.otp.secret]" "$static::ga_key_dg"]
log local0.info "Result: $result"
if { $result equals "Success" } {
ACCESS::session data set session.custom.add_user.result $result
}
}
"delete_user" {
set result [call delete_totp_key "VS_F5-MGMT-ETH" "[b64encode "admin:Pacific@work123!!"]" "[ACCESS::session data get session.logon.last.username]" "[ACCESS::session data get session.custom.otp.secret]" "$static::ga_key_dg"]
log local0.info "Result: $result"
if { $result equals "Success" } {
ACCESS::session data set session.custom.delete_user.result $result
}
}
}
}
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com